So you've already discovered the benefits of AS2 and are now convinced you need one for your business. You might now be wondering, 'what is the best AS2 server out there'? There can be a number of products to choose from, so let's identify the qualities that really matter.
Does it enable automation?
In EDI-driven business transactions, it's important to carry out data exchanges efficiently and accurately. There's no room for wasted time or human errors. Otherwise, you'll be defeating the purpose of adopting EDI. For this reason, you need to ensure that your AS2 server is equipped with features that enable automation.
It's not enough that your server can send and receive AS2 messages. Your server should also enable you to set up an automated file transfer so that EDI document transmissions can be carried out on a predefined schedule or in response to a particular event. That way, you can be sure the transmissions are carried out on time and with a high degree of accuracy.
Is automation easy to set up?
Now, traditionally, to implement automation on an AS2 server, server admins usually use scripts. The thing is, although scripts offer versatility and power, they also have a couple of disadvantages.
- First of all, they require people who have coding skills to write them. Because B2B transactions can be quite complex and need to be highly reliable, you can't afford to assign someone with novice script writing skills for the job. Hence, you'll be forced to either send your server admin for training or hire someone who already has the required skills. Both options can be quite expensive.
- They're hard to manage and document. And so, if you lose whoever wrote those scripts (maybe by virtue of a promotion, retirement or resignation), you'll encounter a lot of headaches should you wish to modify them in the future. The replacement you hire will likely have a hard time tracing what each script does and might just end up rewriting most of them.
Most of the time, it would be better to choose an automation method that's both robust and easy to use. That way, you can simply assign a current member of your IT team to do the job.
What is its level of interoperability with your trading partner's AS2 solution?
AS2 connections between trading partners are normally more difficult to set up than general purpose protocols like FTP/S or SFTP. You need to pay attention to things like the AS2 service URL, digital certificates, From and To IDs, signatures, cryptographic keys, receipts, and so on. Hence, it's important to make sure your AS2 server can interoperate with your trading partner's solution. Otherwise, both of you will encounter a lot of hitches along the way.
The best way to ensure interoperability with your trading partner is by seeing to it that your AS2 server is Drummond-certified. A Drummond certification is basically a stamp of approval indicating that an AS2 solution adheres to AS2 protocol standards. So, if both you and your trading partner's AS2 servers are Drummond-certified, it means you're both adhering to AS2 standards and can seamlessly exchange AS2 messages.
How easy is it to deploy?
Most IT teams prefer a certain type of operating system than others. Some are more comfortable with Windows but others prefer Linux, Solaris, UNIX, AIX, or some other less-known operating system. Thus, it's important to pick an AS2 solution that can run on your OS of choice. That way, you won't have to be bogged down trying to familiarize with the OS when you're still in the deployment phase.
Is it easy to administer?
Once your AS2 server is fully deployed, you will have to perform a variety of administrative tasks on it. Some of the most common AS2 server tasks involve the following:
- Generating cryptographic elements (e.g. keys, certificates)
- Setting up connections with your trading partner(s)
- Setting up automated processes (e.g. listening to newly uploaded files, picking up attachments, sending EDI documents, copying files, and so on)
- Setting up authentication
- Segregating files coming in from different trading partners
- and many others
When performing these tasks, you wouldn't want your progress to be impeded by too much complexity. You will want to an administrative UX that's easy to learn and configure. And then, once everything is up and running, you will want an environment that's easy to manage.
Does it support other file transfer protocols?
While AS2 is steadily gaining popularity among organizations who engage in automated B2B transactions, there's still a good number who use other file transfer protocols. Thus, if you have trading partners that use other protocols like FTP, FTPS, SFTP, OFTP, and others, you will still need solutions that can interoperate with those. For this reason, it's not unusual for one organization to maintain multiple file transfer solutions.
To reduce complexity and make it less burdensome for your server admins, it would be much better if your file transfer solution already supported multiple file transfer protocols, including AS2. A multi-protocol file transfer solution would allow your admins to manage all data exchanges on a single platform.
How secure is it?
Many EDI documents contain sensitive information, like personal and financial data. So it's important for your AS2 server to be equipped with sufficient security measures that can minimize the risk posed by cyber threats. In addition to the cryptographic elements and other security features inherent in AS2, it would help if your AS2 server also supports security features like:
- multi-factor authentication - Due to the large volume of data that converge in AS2 servers, they can be targets of cyber criminals who are in the business of stealing sensitive data. One way to reduce the risk of brute force attacks and other means of unauthorized access is multi-factor authentication, which usually combines username/password authentication with another such as public/private key pairs, biometrics, security tokens, and others
- password compliance - Another way of reducing the risk of unauthorized access is by enforcing strong password policies such as changing passwords every 90 days, use of alphanumeric and non-alphanumeric characters, use of long passwords, etc. However, you can only do that if your AS2 server readily supports it.
- detailed logging - To provide IT, digital forensic investigators and security analysts a way of tracing the flow of an attack in the event of a data breach or any cyber incident, your AS2 server should have a way of generating detailed log information about server events/activities.
- high availability - One of the pillars of the cyber security CIA triad is availability. It would help if your AS2 server had high availability capabilities that would mitigate the risk of downtime
- virus scanning - Files attached to your AS2 messages can be contaminated with trojans, viruses and other malware. You can counter these threats if your AS2 server had built-in support for virus/malware scanning
Although there are several other features that can enhance the capability of your AS2 server and make it worth the investment, these are the most important ones. A server that has all these attributes can help you achieve a low TCO and a good ROI. In our next post, we'll talk about JSCAPE MFT Server, a Drummond-certified managed file transfer server that supports AS2 and several other file transfer protocols.
JSCAPE MFT Server ticks all the boxes included in this post. If you want to know more about it and its capabilities as an AS2 server, stay tuned for our next post or visit this page.
You can also download the FREE Starter Edition of JSCAPE MFT Server and test this AS2 server yourself.